I use su and/or a root shell. This combination was not in the poll so I didn't cast a vote so as not to pollute the statistics. The times I've looked at sudo, I found it totally opaque and decided not to use something I didn't understand. When I do admin tasks there's usually lots to do, so a root shell is very convenient. I know this is not considered good practice and I'm not recommending it to anyone. It has worked for me on home systems that are not regularly connected to the 'net. (Having written this, it seems likely I'll now go and delete the root filesystem by accident. )

I use sudo on the desktop machines but on production servers, I use only su.

__________________religions, worst damnation of mankind"If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus TorvaldsLinux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”.vermaden's:linksresourcesdeviantartspreadbsd

I can only assume you are referring to Ubuntu. Note that sudo(8) is currently maintained by one of the OpenBSD developers. It is not a Linuxism imported into the *BSD world.

If you object to the restrictions that sudo places on users/administrators, note that this can be fine-tuned. A primary reason I created this thread was to advocate that sudo doesn't have to be taken with its default configuration. It is quite configurable.

An administrative problem with su(1) is that knowledge of the root password provides total access to a system. With sudo, an access policy can be constructed to provide limited access, & the root password doesn't have to be disclosed. From an administrative standpoint, this is a win when considering security.

We make fairly heavy use of sudoers file at work. Our backups account, for example, can run rsync without a password, but only when connecting from the backups servers. Our vidcon tech can manage/edit gatekeeper-related stuff on the firewalls but nothing else. Our helpdesk can run specific commands on remote servers, but only when connecting from the board office. And so on.

Much nicer than having 15-odd people knowing the root password.

But, the nicest thing about sudo is that every invocation is logged so we have an audit trail. Someone logged in as root (via console, su, ssh if enabled) can screw something up and we wouldn't know who did what or when.